[Clamav-users] clamav-devel-20040125 : cltypes.h: No such file or directory {Scanned}

2004-01-26 Thread Jo Mills
Dear All,

I just (09:00 hrs GMT, Mon 26th Jan 2004) downloaded the latest
tarball to try out the OLE2 / VBA stream stuff on our file server.  
/configure seemed to go OK, I then tried "make" and got:

>
> In file included from scanners.c:39:
> vba_extract.h:26: cltypes.h: No such file or directory
> make[1]: *** [scanners.lo] Error 1
> make[1]: Leaving directory `/usr/local/src/clamav-devel-20040125/libclamav'
> make: *** [all-recursive] Error 1
> labserver:/usr/local/src/clamav-devel-20040125# 
>

labserver is an AMD Duron Debian box, kernel 2.4.18-1-k7.  I was 
running as root and using gcc version 2.95.4.

Any ideas?

Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Suggestion: Read list of files to scan from file/stdin {Scanned}

2004-01-28 Thread Jo Mills
On Wed, Jan 28, 2004 at 08:20:41AM +0100, Tomasz Kojm wrote:
> On Tue, 27 Jan 2004 15:23:56 -0800 (PST)
> Ryan Finnie <[EMAIL PROTECTED]> wrote:
> 
> > find /path -ctime -1 -exec clamscan \{\} \;
> > 
> > but that invokes clamscan for EVERY matching file found.  Instead, I
> > would like to request that a new flag, say -f, be added to
> > clamscan/clamdscan that takes a list of files, one file per line, from
> > a file (-f file) or stdin (-f -).  That way you could do:
> > 
> > find /path -ctime -1 | clamscan -i -f -
> > 
> > or:
> > 
> > find /path -ctime -1 > /tmp/toscan
> > clamscan -i -f /tmp/toscan
> > 
> > and put it in a nightly cron job.  What do you think?
> 
> You can use the CVS version - clamscan supports multiple file arguments
> from command line, and build a script that executes clamscan on a bunch
> of files. You can fall into a problem with special characters and
> spaces, though.

Just a thought - perhaps you could modify the "tob" (Tape Orientated
Backup) scripts to do this.  Tob supports full, incremental and
differential file listings.

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] Freshclam timeout with version devel-20040127 is too short {Scanned}

2004-01-28 Thread Jo Mills
Hi,

I have tried to use freshclam from the cvs version devel-20040127, but
after 20 minutes it times out.  My job shows the following:

> Starting the daily download of the clamAV virus databases to the 
> Labserver at Wed Jan 28 11:39:26 GMT 2004
> WARNING: Proxy settings are now only configurable in the config file.
> ClamAV update process started at Wed Jan 28 11:39:26 2004
> Connecting via proxy.littleport
> Reading CVD header (main.cvd): OK
> ERROR: Maximal time (1200 seconds) reached.
>
> Completed the daily download of the clamAV virus databases at Wed 
> Jan 28 11:59:26 GMT 2004
>
> Freshclam return value was 1

The Labserver is an AMD Duron box running Debian Woody.  Our Internet
connection is uncontested, symmetrical at 512 Kbps.  We are located
just north of Cambridge in the UK.  My mirrors.txt is shown below:

> clamav.inet6.fr
> clamav.e-admin.de
> clamav.fisher.hu
> clamav.essentkabel.com
> clamav.exsilia.net
> #clamav.ozforces.com
> #clamav.elektrapro.com
> #clamav.essentkabel.com
> #clamav.linux-sxs.org
> #clamav.rulez.pl
> #clamav.org

I have never known freshclam take less than 30 minutes to complete,
sometimes it can take up to an hour!  The timeout for freshclam
doesn't appear to be configurable.  Any suggestions?

Jo.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Freshclam timeout with version devel-20040127 is too short {Scanned}

2004-01-30 Thread Jo Mills
> Try adding "-v" option. Maybe it'll show some important details.
> 
> I suspect that your proxy (or settings concerning it) is the 
> culprit.

Tomasz,

Thanks for the reply.  I tidied up my freshclam script so that it 
wasn't passing the "http-proxy" parameter.  I then re-ran it with the
-v option as suggested.  The output from freshclam

 Starting the daily download of the clamAV virus databases to the 
   Labserver at Thu Jan 29 09:05:03 GMT 2004
 Current working dir is /var/lib/clamav
 Max retries == 3
 ClamAV update process started at Thu Jan 29 09:05:03 2004
 Connecting via proxy.littleport
 Connected to database.clamav.net (172.31.2.2).
 Reading CVD header (main.cvd): OK
 ERROR: Maximal time (1200 seconds) reached.

 Completed the daily download of the clamAV virus databases at Thu 
 Jan 29 09:25:03 GMT 2004

appears quickly.  After a few seconds the [\] display stops whirling
around and thats it.  It makes no difference if I use the French
mirror.  The freshclam process is just sleeping, (STAT "S", no CPU 
usage and no Memory usage) after its initial burst of activity.

Normal downloads from the Net are quick, but our proxy is a Novel box
configured and controlled by the main IT dept.  Until I build a
replacement Debian box I have no control over what it is doing or how
it is configured.  But why could "ordinary" downloads be quick and yet
clam database downloads seem to hang somewhere?

Thanks for your help,

Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] clamscan-devel-20040129 and "ERROR: Can't initialize the virus database." {Scanned}

2004-01-31 Thread Jo Mills
Hi,

I'm not have a good time with the latest cvs snapshots so please bear
with me.  Platform is a Debian (Woody) box - AMD Duron processor.

I have downloaded and built ClamAV version devel-20040129 from the
tarball.

My /usr/local/etc/clamav.conf has the following entry

 # Path to a directory containing .db files.
 # Default is the hardcoded directory (mostly /usr/local/share/clamav,
 # it depends on installation options).
 DataDirectory /var/lib/clamav
 #DataDirectory /usr/local/share/clamav
 
ls -l /var/lib/clamav shows

 total 3420
 -rw-r--r--1 clamav   clamav 671587 Jan 29 09:26 8835d2dfdc4bef4a
 -rw-r--r--1 clamav   clamav1037239 Jan 29 09:05 e03647661b51a6e7
 -rw-r--r--1 root root  212 Jan 28 11:39 mirrors.txt
 -rw-r--r--1 clamav   clamav1762362 Jan 28 16:03 viruses.db
 -rw-r--r--1 clamav   clamav   7929 Jan 28 16:33 viruses.db2

When I try

 /usr/local/bin/clamscan --log=/var/log/clamscan/apps_win32.log  \
   --recursive --max-files=2000 --max-space=30M --max-recursion=5 \
   /diskc/utils/apps/Win32
   
I get the response

 ERROR: Can't initialize the virus database.
 
The return code is 50.

Any ideas gratefully received.

Thanks,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


FWD: Re: [Clamav-users] Freshclam timeout with version devel-20040127 is too short {Scanned}

2004-01-31 Thread Jo Mills

> Try adding "-v" option. Maybe it'll show some important details.
> 
> I suspect that your proxy (or settings concerning it) is the 
> culprit.

Tomasz,

   I should have added that the script which I use to run freshclam
checks the return value of freshclam - see extract below.

  RETVAL=-1
  umask 002

  /usr/local/bin/freshclam -v --log=/var/log/freshclam/freshclam.log
  RETVAL=$?

  echo -en "\nCompleted the daily download of the clamAV virus \
 databases at "
  date
  echo -e "\nFreshclam return value was $RETVAL"

Interestingly, the retrun code from freshclam is 1 (i.e. success).

  Starting the daily download of the clamAV virus databases to the
Labserver at Thu Jan 29 09:26:31 GMT 2004
  Current working dir is /var/lib/clamav
  Max retries == 3
  ClamAV update process started at Thu Jan 29 09:26:31 2004
  Connecting via proxy.littleport
  Connected to clamav.inet6.fr (172.31.2.2).
  Reading CVD header (main.cvd): OK
  ERROR: Maximal time (1200 seconds) reached.

  Completed the daily download of the clamAV virus databases at Thu 
  Jan 29 09:46:31 GMT 2004

  Freshclam return value was 1
 
Clearly the script calling freshclam did not set RETVAL to 1, so
freshclam must have completed successfully and yet having done this,
the freshclam process just goes to sleep until the timeout ocurrs.

Thanks again for your help,

Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clamscan-devel-20040129 and "ERROR: Can't initialize the virus database." {Scanned}

2004-02-02 Thread Jo Mills
On Sun, Feb 01, 2004 at 12:21:18AM +0100, Tomasz Kojm wrote:
> On Thu, 29 Jan 2004 09:58:00 +
> Jo Mills <[EMAIL PROTECTED]> wrote:
> 
> > ls -l /var/lib/clamav shows
> > 
> >  total 3420
> >  -rw-r--r--1 clamav   clamav 671587 Jan 29 09:26
> >  8835d2dfdc4bef4a-rw-r--r--1 clamav   clamav1037239 Jan 29
> >  09:05 e03647661b51a6e7-rw-r--r--1 root root  212 Jan
> >  28 11:39 mirrors.txt-rw-r--r--1 clamav   clamav1762362 Jan 28
> >  16:03 viruses.db-rw-r--r--1 clamav   clamav   7929 Jan 28
> >  16:33 viruses.db2
> > 
> > When I try
> > 
> >  /usr/local/bin/clamscan --log=/var/log/clamscan/apps_win32.log  \
> >--recursive --max-files=2000 --max-space=30M --max-recursion=5 \
> >/diskc/utils/apps/Win32
> 
> clamscan doesn't depend on clamav.conf (so it may search for the
> databases in other directory). Remember that cvs snapshots come with the
> empty files instead of the real databases. Running freshclam should fix
> the problem.

Tomasz

Thanks for the reply.  Running freshclam did not solve the problem as
freshclam is updating the virus databases to /var/lib/clamav (when it
works - I'm the poor sod who is suffering the Novel proxy and the
freshclam timeouts) but clamscan from ClamAV version devel-20040129 is
looking for the database files in /usr/local/share/clamav.

Please note:

   labserver:/var/lib/clamav# /usr/local/bin/freshclam --version
   freshclam / ClamAV version devel-20040129

so I am trying to run the correct version of freshclam (I have also
checked that no other versions of freshclam exist on this machine).

I haven't looked into why this should be so, possibly a hang over from
the last cvs version I tried (clamav-devel-20031027) or the deb
package I tried (clamav-0.60-10)?  I did remove the deb package before
building ClamAV version devel-20040129.

Nothing untoward is reported in the freshclam logs, However I did
notice that /var/lib/clamav is filling up with some "oddly" named 
files, see below.

labserver:/var/lib/clamav# ls -l
total 6720
-rw-r--r--1 clamav   clamav 671587 Feb  2 09:40 2c32ffb6a337ad59
-rw-r--r--1 clamav   clamav 671587 Feb  2 08:30 4eaeb04bd4770881
-rw-r--r--1 clamav   clamav 671587 Jan 29 09:26 8835d2dfdc4bef4a
-rw-r--r--1 clamav   clamav 671587 Feb  1 08:30 b87c6dfd6063782b
-rw-r--r--1 clamav   clamav 671587 Jan 31 08:30 c40b5d04fa707af2
-rw-r--r--1 clamav   clamav 671587 Jan 30 08:30 de3d62fa67305fe9
-rw-r--r--1 clamav   clamav1037239 Jan 29 09:05 e03647661b51a6e7
-rw-r--r--1 root root  212 Jan 28 11:39 mirrors.txt
-rw-r--r--1 clamav   clamav1762362 Jan 28 16:03 viruses.db.orig
-rw-r--r--1 clamav   clamav   7929 Jan 28 16:33 viruses.db2.orig


The two *.orig files were my attempt to force freshclam to perform a
download as though for a new installation, but I was defeated by our
Novel proxy!

Anyway, I'm up & running again so thanks for the tip.  I'll try out
the snapshot on our archives.

Best Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] many files in /var/lib/clamav created on the same day {Scanned}

2004-02-03 Thread Jo Mills
On Tue, Feb 03, 2004 at 11:05:00AM +0200, Alexander Piavka wrote:
> 
> Hi, i'm running mandrake9.1 and have the following rpms installed
> libclamav1-0.66-0.20031204.1mdk
> clamav-0.66-0.20031204.1mdk
> clamd-0.66-0.20031204.1mdk
> clamav-db-0.66-0.20031204.1mdk
> libclamav1-devel-0.66-0.20031204.1mdk
> clamav-milter-0.66-0.20031204.1mdk
> 
>  today i found that over just one night in /var/lib/clamav many dirctories
> with mostly email text files were created, which took about 700M. This has
> never happend before, what could be the cause of this?
> 
> 0336627833969047/ 2af2095321235b73/ 5c3ef507d5c5efc6/ 8457b40ee1792a22/
> bd5dabbf44020ad3/ daily.cvd
> 085b21e84059d9b3/ 303a659157f18301/ 5fa73c8b73bb6867/ 84622e91d0e49068/
> c08079e274465dbe  df4bfa0fa22f315d/
> 092c251d0d96496d/ 3d092bbaabe4a60d/ 637edebca0cb377c/ 85774786e12e829f/
> cb8f1fa11b3e04a2/ eeb002563b1180e4/
> 0d97566bd3afb14e/ 45d4d76bda0e5ffb/ 6d3266f6ef310aa9/ a1519d4f7a57cbdc/
> clamd.socket= f1c8333948b66647/
> 10ee20f3d522354d/ 50202f10fe5ad4be/ 6fd188a041673a49/ a2d5c8767f7e2309/
> d36040d5db8a1348/ f5c8dce7a9af9546/
> 18cedd25c73cdf28/ 58916d995e603cbc/ 71d5f35c1017f136/ a86a69fb67cdd00b/
> d6c74b624e0b0fb7/ main.cvd
> 28eea215bf4820f6/ 5bbec38cf37d40aa/ 7e310e8730db63ac/ bbd6932712de9c63/
> d74d177a6a0f8fc6/ mirrors.txt
> 
>  Thanks

Just to say I reported this yesterday too.  With
clamav-devel-20040129, freshclam and our Novel http proxy, freshclam
returns "1" for success but it hasn't worked - for some reason our
Novel proxy causes a timeout and I think the server drops the
connection.  /var/lib/clamav/ fills up with the "oddly named" files 
and yet clamscan uses /usr/local/share/clamav/ for the location of 
viruses.*.

I am hoping our IT guys can correct the problem with the Novel proxy.

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Contents of DBDIR {Scanned}

2004-02-04 Thread Jo Mills
On Wed, Feb 04, 2004 at 12:34:33AM -0600, Justin wrote:
> After getting 20040203 to compile tonight on my RH 9 box, I ran into 
> trouble starting the new daemon.  It was convinced I had a "Malformed 
.
.
.
> Everything seems to be running smoothly now.  I wonder though, should I 
> have a main.cvd?  Should I have a mirrors.txt?  Am I missing something 
> else?  Many thanks
> 
> Justin

Justin,

   Just a thought - what was the return code from freshclam?  Was it 
"1" by any chance?  I would be interested to know.

Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Contents of DBDIR {Scanned}

2004-02-05 Thread Jo Mills
On Wed, Feb 04, 2004 at 11:44:05AM -0600, Justin wrote:
> On Wed, 4 Feb 2004, Jo Mills wrote:
> 
> > Justin,
> > 
> >Just a thought - what was the return code from freshclam?  Was it 
> > "1" by any chance?  I would be interested to know.
> 
> Thanks for the reply, Jo.  It looks like it's exiting with a 1.  

To my mind, I don't think it should be exiting with a "1".  man
freshclam shows:

 RETURN CODES
0 : Database succesfully updated.

1 : Database is up-to-date.

and freshclam gives a return code of 1 even though the update process
failed.  Surely this is not correct?

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] Malformed CVD header detected {Scanned}

2004-03-23 Thread Jo Mills
Hi,

Is anybody else having problems getting database updates or is it just
me?  I haven't changed my clam setups for ages (it's on my todo list), 
yet recently (as from Mon, 22 Mar 2004 17:23:01 +) I get the following:

With freshclam 0.60:

   Current working dir is /usr/local/share/clamav
   Checking for a new database - started at Tue Mar 23 11:12:01 2004
   Connected to database.clamav.net.
   Reading md5 sum (viruses.md5): ERROR: Malformed md5 checksum detected.
   ERROR: Can't get viruses.md5 sum from database.clamav.net
   

With CVS freshclam version devel-20040129

   Current working dir is /usr/local/share/clamav
   Max retries == 3
   ClamAV update process started at Tue Mar 23 08:30:01 2004
   Connecting via proxy.littleport
   Connected to database.clamav.net (10.100.130.2).
   Reading CVD header (main.cvd): ERROR: Malformed CVD header detected.
   ERROR: Can't read main.cvd header from database.clamav.net (10.100.130.2)
   Trying again...
   
Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Malformed CVD header detected {Scanned}

2004-03-23 Thread Jo Mills
On Tue, Mar 23, 2004 at 08:53:40PM +0700, Fajar A. Nugraha wrote:
> Jo Mills wrote:
> 
> >Hi,
> >
> >Is anybody else having problems getting database updates or is it just
> >me?  I haven't changed my clam setups for ages (it's on my todo list), 
> >yet recently (as from Mon, 22 Mar 2004 17:23:01 +) I get the following:
> >
> [snip]

> >
> Does your proxy allow DNS TCP packets?
> Try nslookup database.clamav.net on your proxy.
> If you get an error, try adjusting your proxy or firewall to allow DNS 
> TCP packets.
> 
> Regards,
> 
> Fajar
> 
[snip]

Fajar,

I considered this originally but then discounted it as the firewall on our
system allows TCP DNS packets.  However, I hadn't allowed for the main IT
guys at the other end of our VPN being helpful!  They must have stopped TCP
packets for DNS sometime on Monday afternoon.  I'll sort out some DNS servers
from our ISP and (yet again!) work around the IT guys.  (Trog helped
out last time -> freshclam timeout erros - I ended having to build a 
Debian / Squid HTTP Proxy to bypass the official Novell HTTP proxy).

Thanks again for your help,

Best regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] FreshClam and Proxy Settings... {Scanned}

2004-04-19 Thread Jo Mills
On Mon, Apr 19, 2004 at 06:48:14AM -0500, Anthony Presley wrote:
> On Sun, 2004-04-18 at 19:13, Tomasz Kojm wrote:
> > On Fri, 16 Apr 2004 15:20:02 -0500
> > Anthony Presley <[EMAIL PROTECTED]> wrote:
> > 
> > > Hi all --
> > > 
> > > I've downloaded and installed ClamAV .7 on my server, and it works
> > > really well.  All except freshclam, that is.
> > > 
> > > I've created /etc/freshclam.conf (after copying from the distributed
> > > file and editing), and changed the server and port settings to read:
> > > 
> > >   HTTPProxyServer 192.168.2.4
> > 
> > Please try to use a hostname instead of the IP of your PROXY server.
> 
> I've tried, with both the hostname, and the complete hostname +
> domain-name, ie:
> 
>   HTTPProxyServer www
>   
>   AND
> 
>   HTTPProxyServer www.domainname.com
> 
> Same problem.
> 
> Any more ideas?

Apologies if I've missed the obvious, but I think it's just a case of
logically breaking down your problem step by step and seeing where 
your setup is wrong. Where is your problem; before the proxy, with the
proxy, after it, or a mixture of these?

Possible things you could try:

   host www
   
or similar from your "freshclam" machine to check your DNS works OK to
find your proxy.  Can you ping your proxy from the "freshclam" machine
to see if the route is OK?  Have you tried 

   host database.clamav.net
   
from your freshclam machine, you should see something like:

  database.clamav.net CNAME   db.local.clamav.net
  db.local.clamav.net CNAME   db.europe.clamav.net
  db.europe.clamav.netA   217.154.108.81
  db.europe.clamav.netA   62.210.153.201
  db.europe.clamav.netA   80.69.67.3
  db.europe.clamav.netA   152.66.249.132
  db.europe.clamav.netA   193.1.219.100
  db.europe.clamav.netA   193.138.115.108
  db.europe.clamav.netA   193.225.86.3
  db.europe.clamav.netA   195.70.36.141
  db.europe.clamav.netA   212.31.160.239
  db.europe.clamav.netA   213.184.16.3
  db.europe.clamav.netA   213.203.254.4


Have you tried 

   traceroute database.clamav.net
   
from your freshclam machine? I get the following when I try this (but
then we have a vpn to head office so this looks a bit odd to me):

traceroute: Warning: database.clamav.net has multiple addresses; using 193.138.115.108
traceroute to db.europe.clamav.net (193.138.115.108), 30 hops max, 38 byte packets
 1  labgw-o (10.100.200.1)  0.364 ms  0.187 ms  0.099 ms
 2  httpproxy-l (10.100.130.2)  0.375 ms  0.234 ms  0.183 ms
 3  httpproxy-l (10.100.130.2)  0.348 ms  0.398 ms  0.340 ms


Is the HTTPProxyPort is set to something sensible (maybe 8080), and
are the HTTPProxyUsername and HTTPProxyPassword are also correctly set
(or commented out) in freshclam.conf?

Have you tried using the proxy from your "freshclam" machine for
simple web browsing?  Do you have a firewall issue?  Do you know that
the proxy actually works?  

Hope this helps,

Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Worm.Hybris.D {Scanned}

2004-05-26 Thread Jo Mills
On Wed, May 26, 2004 at 01:50:30PM +0200, Ivan Petroff wrote:
> Hi everybody,
> 
> when I run clamscan from the System Rescue CD (www.sysresccd.org) on a
> Windows partition, I get a lot of "Worm.Hybris.D FOUND".
> But when I check the "infected files" on http://www.gietl.com/test-clamav/,
> it says they are not infected.
> 
> I always update the latest virus definitions before scanning.
> 
> Thank you for the ones who can help me.
> 
> Ivan
> 

Possiby a false positive?  See 

   http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi
   
for how to submit a flase positive sample.

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Problems with clamd in local network {Scanned}

2004-05-27 Thread Jo Mills
On Thu, May 27, 2004 at 01:06:01PM +0200, Pippi Langstrumpf wrote:
> Hi, 
> 
> how can i configure clamd in a local network? has
> anybody some documentation (more detailed than the the
> normal clamav docs..)
> 
> Situation:
> PC 1: installed clamd, clamav, clamav-base,
> clamav-daemon, clamav-freshclam, libclamav1
> --> has internet connection (sometimes)
> 
> PC2: installed clamav, clamav-base, clamav-freshclam,
> libclamav1
> --> just local network
> 
> PC1: db-update via internet
> PC2: tries to connect to PC1 for db update with
> freshclam
> --> errormessage:
> ClamAV update process started at Wed May 26 13:59:43
> 2004
> ERROR: Can't connect to port 80 of host 10.1.0.6
> (10.1.0.6)
> ERROR: Connection with 10.1.0.6 (IP: 10.1.0.6) failed.
> 
> some help?
> 
Just a thought, but why do you run freshclam on PC2?  If you ran
freshclam via cron on PC1, then once PC1 has updated it's database(s)
OK (check the return codes from Freshclam in the documentation) you
could, as part of the same cron job, use scp (see SSH documentation if
you're not familiar with scp) to copy the new database(s) to PC2 (and
as many other PC's as you wish).

Perhaps you could use NFS to "share" the directory on PC1 with other
PC's?  I guess it depends a bit on your security considerations and on
what it is your trying to do.

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Re: Freshclam not responding {Scanned}

2004-06-03 Thread Jo Mills
On Thu, Jun 03, 2004 at 02:24:06PM +0100, Gervase wrote:
> On Wed, 2004-06-02 at 15:49, Ron Snyder wrote:
> 
> > if you do a 'dig database.clamav.net' or a 'host database.clamav.net', do
> > you get useful answers? 
> 
> No.  Both merely say:
> "truncated, retrying in TCP mode,
> timed out -no servers could be reached".
> 
> I am baffled, especially by the fact that the problem first occurred 
> for no apparent reason while happily using Clamav 0.70.  

Don't give up!  Have you tried something along the lines of:

   host google.co.uk
   
You should see something like:

   google.co.ukA   216.239.59.104
   google.co.ukA   216.239.39.104
   google.co.ukA   216.239.57.104
   
If you don't, then I guess you have a problem interacting with your 
name server.  If it does work, then you could try:

   traceroute google.co.uk
   
We go through a proxy here which is firewalled, so my traceroute is as 
follows - but it shows the route up to and including the firewall so
you know its getting at least that far.

   traceroute: Warning: google.co.uk has multiple addresses; using 216.239.39.104
   traceroute to google.co.uk (216.239.39.104), 30 hops max, 38 byte packets
1  labgw-o (10.100.200.1)  0.540 ms  0.221 ms  0.110 ms
2  httpproxy-l (10.100.130.2)  0.321 ms  0.246 ms  0.200 ms
3  httpproxy-l (10.100.130.2)  0.348 ms  0.403 ms  0.316 ms


A similar exercise with database.clamav.net resulted in:

   traceroute: Warning: database.clamav.net has multiple addresses; using 
212.31.160.239
   traceroute to db.europe.clamav.net (212.31.160.239), 30 hops max, 38 byte packets
1  labgw-o (10.100.200.1)  1.023 ms  0.513 ms  0.394 ms
2  httpproxy-l (10.100.130.2)  0.361 ms  0.440 ms  0.383 ms
3  httpproxy-l (10.100.130.2)  0.509 ms  0.465 ms  0.394 ms


What happens is you try:

   host db.europe.clamav.net
   
I get:

   db.europe.clamav.netA   193.19.98.136
   db.europe.clamav.netA   193.52.101.131
   db.europe.clamav.netA   193.138.115.108
   db.europe.clamav.netA   193.225.86.3
   db.europe.clamav.netA   195.13.43.28
   db.europe.clamav.netA   195.70.36.141
   db.europe.clamav.netA   195.92.99.99
   db.europe.clamav.netA   212.14.28.36
   db.europe.clamav.netA   212.31.160.239
   db.europe.clamav.netA   212.162.12.159
   db.europe.clamav.netA   213.184.16.3
   db.europe.clamav.netA   213.203.254.4
   db.europe.clamav.netA   62.210.153.201
   db.europe.clamav.netA   80.69.67.3
   db.europe.clamav.netA   147.229.3.16
   db.europe.clamav.netA   152.66.249.132
   db.europe.clamav.netA   193.1.219.100


What happens if you try:

   host 193.19.98.136
   
I get:

   Name: morden.dbplc.com
   Address: 193.19.98.136
   
I think it would be worth persevering and if you have to specify a few
specific IP addresses for freshclam until you get your problem
resolved then it's not so terrible.  If host works with google.co.uk
and it doesn't work with database.clamav.net then somewhere surely
there must be a firewall blocking TCP DNS requests?

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Problem with Clamav on gentoo {Scanned}

2004-06-17 Thread Jo Mills
On Thu, Jun 17, 2004 at 10:10:41AM +0300, Boris Stoev wrote:
> Hi there !
> 
> I have Gentoo Linux on x86 platform.
> My software is :
> 
> net-mail/qmail-1.03-r13
> app-antivirus/clamav-0.70
> net-mail/qmail-scanner-1.16-r2
> mail-filter/spamassassin-2.63
> net-mail/vpopmail-5.4.0
> 
> My mail server is :
> 
> Pentium 4 2,8Mhz
> RAM 2GB
> HDD 2x 200GB
> Intel875 chipset
> 
> I have 2898 mail accounts
> 
> when I try to run clamav in qmail-scanner-queue.pl in my smtp log i have 
> this:
> @400040d16cb708cc8294 X-Qmail-Scanner-1.16:[mail108746655742621446] 
> clam_scanner: corrupt or unknown ClamAV scanner error or 
> memory/resource/perms problem - exit status 50
> 
> 
> Please help me if you can
> 
> BR Boris
> 
Boris,

Apologies if this is all wrong (I don't use Qmail) but I remembered a
similar mail on the list from a few days ago.  Is

http://www.mail-archive.com/[EMAIL PROTECTED]/msg08970.html

of any help?  The end of the message says:

> If scanning manually works but you get the above error in your log then you
> may want to try raising your softlimit value in the qmail-smtpd run script.
> It may be failing to load the database because of insufficient memory
> allowed to the process.
>
>
> Jim

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] checksum problems

2004-06-30 Thread Jo Mills
On Wed, Jun 30, 2004 at 09:32:14AM +0200, Cristiano Paris wrote:
> 
> Hi everyone,
> 
> I've just installed clamav on an old Slack7 system. It seems to work
> fine but freshclam refuses to update the Viruses DB.
> 
> I get this error:
> 
> ERROR: The checksum of downloaded database isn't ok. Please check it
> yourself or try again.
> 
> Any hint?
> 
> Cristiano

Cristiano,

Have you checked all the obvious things - you can resolve the names in
freshclam.conf OK.

(i.e. DatabaseMirror database.clamav.net)

There are loads of mails in the archive about DNS & UDP .v. TCP wrt
packet size and the problems caused by this.

There have also been various mails about building clam from sources
and making sure that you have the correct libraries in place to
support the digital signature of the database - possibly worth a look.

Apart from firewall / DNS / digiatl signature issues I cannot think of
another reason for freshclam not working.

HTH,

Jo.


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] MD5 checksum always wrong

2004-07-01 Thread Jo Mills
On Wed, Jun 30, 2004 at 01:49:02PM -0600, Steve Lenti wrote:


> I have tried adjusting the DatabaseMirror setting in the freshclam.conf
> but it always uses these same 2 addresses.  I'm thinking that somehow
> one of the sources didn't get updated correctly, but how do I force
> freshclam to obtain the updates from another server.
> 
> TIA,
> Steve 
> 


Steve,

If you look at the clamav site and the mirrors page

   http://www.clamav.net/mirrors.html
   
you will see lots of possible sites.  If you then specify one of these
in your freshclam.conf then I believe you will use that site.

HTH

Jo.


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] foto From: "Rse" To: "Modssl-users"

2004-09-01 Thread Jo Mills
On Wed, Sep 01, 2004 at 02:20:37PM +0200, Maurizio Marini wrote:
> as subscriber to Modssl-users, i'm receiving by yestarday many copies of an
> email with subject: foto
> coming from engelschall
> i think some of them have received it , too
> 
> is this mail infected?
> if yes, why clamav doesn't recognize it?
> maurizio
> 
Hi Maurizio,

Just to let you know we run ClamAV 0.75.1-3 (Debian package) here and
it seems to have caught such a "foto" e-mail OK.  Please see the
report below:

   Date: Tue, 31 Aug 2004 20:26:46 +0100
   To: [EMAIL PROTECTED]
   From: "MailScanner" <[EMAIL PROTECTED]>
   Subject: Warning: E-mail viruses detected

   The following e-mail messages were found to have viruses in them:

   Sender: [EMAIL PROTECTED]
   IP Address: 127.0.0.1
   Recipient: @localhost
   Subject:  foto
   MessageID: 1C2EH9-0002Sn-00
   Report: ClamAV: fotos.zip contains Trojan.JS.RunMe

As you can see, it seems to work OK.

Regards,

Jo.


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] freshclam: Chunked Transfer Coding

2004-10-19 Thread Jo Mills
Hi,

First let me apologize if this is way off the mark, but it has aroused
my curiosity.  When you say "freshclam fails", do you get a return
value of 1?  I only ask because we have two Web Proxies in the office,
one is a Novell box and the other is Squid/Debian.  I built the
Squid/Debian box as freshclam would not work through the Novell box
and for various reasons too boring to go into here, it was just easier
to re-route all non vpn traffic via a new proxy than get RSSI of the
forehead negotiating with the IT dept - they control the Novell box.

As I say, just curious.

Regards,

Jo.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


[Clamav-users] Error 139 when running clamscan 0.60 on files {Scanned}

2003-10-15 Thread Jo Mills
Dear All,

I am running clamscan / ClamAV version 0.60 on an i686  Debian Woody
2.4.18-1-k7 system.

When I run clamscan over one particular set of directories (old archive files)
clamscan runs for a while and then produces the following output whilst
returning error code 139.  The error is very reproducible.

   Segmentation fault
  
I see from the archives that a similar problem was reported by Scott Kveton on  
Fri, 8 Aug 2003 10:34:47 -0700, but Scott's problem was with scanning e-mails
and defunct processes - there are no defunct processes left with the error I
have.

The latest stable download still seems to be 0.60 although mention is made of a
0.60-4 and a 0.60-5 version in another e-mail on the subject of error 139.

I would be grateful for any suggestions on the best way to proceed,

Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] Re: Debian packages - which Debian & how ClamAV is built {Scanned}

2003-11-13 Thread Jo Mills
On Thu, Nov 13, 2003 at 01:29:21PM +, Mike Brodbelt wrote:
> 
> It's be interesting to know how many people here run ClamAV on Debian,
> which release of Debian they're using, which release of ClamAV they're
> using, and whether they build locally installable packages themselves,
> get them from some other source, or just install in /usr/local outside
> the auspices of the package management system.
> 
> Mike.
> 

OK - I use Debian Woody on an AMD Duron(tm) file server.

  Linux version 2.4.18-1-k7 ([EMAIL PROTECTED]) 
  (gcc version 2.95.4 20011002 (Debian prerelease)) 
  #2 Sun Aug 10 09:21:59 EST 2003
  
   Currently this is running clamscan / ClamAV version devel-20031029


I use Debian Woody on an AMD-K6(tm) very low volume mail server.

  Linux version 2.2.19 ([EMAIL PROTECTED]) 
  (gcc version 2.7.2.3) 
  #1 Sat Sep 22 22:08:47 EST 2001
  
   Currently this is running clamscan / ClamAV version 0.60


Currently (when I have the time) I just build under /usr/local and work outside
of the package management system.  It's not a solution I'm keen on but I live
with it for one or two applications.

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Exclude extension from scanning

2005-05-18 Thread Jo Mills
On Wed, May 18, 2005 at 01:28:43PM +0200, David wrote:
> 
> 
> 
> But,  if i need to exclude an extension. How i do it? 
> 
> 
> Thanx, 
> 

Pardon my butting in, but is this not more of a job for MailScanner or
such?  Once MailScanner (or similar) has decided which mails it is not
going to reject, it then calls ClamAV to test for viruses.

Regards,

Jo.
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Clamav upgrade

2005-05-23 Thread Jo Mills
On Mon, May 23, 2005 at 11:02:10AM +0200, Souza Simbota wrote:
> 
> Am running SUSE 9 with clamav 0.80 and Postfix as the mailserver. I want to
> upgrade clamav and I just downloaded "clamav-0.85.1.tar.gz". Can someone
> give the procedure for doing this before I mess up my server.
> 
> Thank you,
> 
> SOUZA
> 
Hi,

Did you already try:

   http://wiki.clamav.net/index.php/UpgradeInstructions
   
Regards,

Jo.
___
http://lurker.clamav.net/list/clamav-users.html